[security] Don't generate 1024-bit RSA keys #1015

Merged
merged 8 commits into from
Oct 19, 2018

Member

@alex alex commented May 16, 2018

Contributor Checklist:

@alex alex changed the title Don't generate 1024-bit RSA keys [security] Don't generate 1024-bit RSA keys May 16, 2018
@alex
Member Author

alex commented May 16, 2018

Test failures are due to the bug being fixed in #1014

@alex
Member Author

alex commented May 17, 2018

@codecov

codecov bot commented May 17, 2018

Codecov Report

❗ No coverage uploaded for pull request base (trunk@4f14c02).
The diff coverage is 100%.

@@           Coverage Diff            @@
##             trunk    #1015   +/-   ##
========================================
  Coverage         ?   89.67%           
========================================
  Files            ?      844           
  Lines            ?   150896           
  Branches         ?    13160           
========================================
  Hits             ?   135313           
  Misses           ?    13257           
  Partials         ?     2326

@@ -0,0 +1 @@
twisted.internet._sslverify.KeyPair.generate: No longer generate 1024-bit RSA keys by default. Anyone who generated a key with this method using the default value should move to replace it immediately.
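
Review bot: The added line says what the default no longer is but not what it is now, so someone reading the release notes cannot tell which key size `generate` produces after upgrading; state the new default size in the sentence. It also names the method through `twisted.internet._sslverify`, a module with a leading underscore, rather than the import path users write in their own code. The replacement advice applies only to keys created "using the default value", so it would help to say how a user can recognise one, for example by checking whether the existing key is 1024 bits.
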
Member

The public name of the API is twisted.internet.ssl.KeyPair.

Member

Also the style guideline for news fragments suggests this should be more like:

twisted.internet.ssl.KeyPair.generate now defaults to generating a 2048 bit key.

I doubt that this is an effective place to provide "immediate" security action guidance.

Member

@markrwilliams markrwilliams left a comment

@alex
Member Author

alex commented Jul 1, 2018

@markrwilliams do you need anything from me on this?

@markrwilliams
Member

@alex Sorry for my terse message. You don't need to do anything more - this only needs successful builds from Appveyor and Travis, both of which failed for unrelated reasons:

https://ci.appveyor.com/project/adiroiban/twisted/build/trunk-5076/job/kh8d8chxucxo3ni8#L18437
https://travis-ci.org/twisted/twisted/jobs/393945255#L4491

@alex
Member Author

alex commented Jul 1, 2018

@markrwilliams thanks! they look to be green now.

@twm
Contributor

twm commented Oct 18, 2018

admin/pr_as_branch 1015 9453 1024-is-not-enough-bits

@twm twm merged commit db8ef6b into twisted:trunk Oct 19, 2018
@alex alex deleted the 1024-is-not-enough-bits branch October 19, 2018 18:48